拦截器修改

2024-09-09 09:25:16 +08:00 · 2024-09-09 09:25:16 +08:00 · e2ee2937e0
parent 23632d13e5
commit e2ee2937e0
8 changed files with 108 additions and 26 deletions
--- a/securitycontrol-commons/securitycontrol-commons-security/src/main/java/com/securitycontrol/common/security/interceptor/IPWhites.java
+++ b/securitycontrol-commons/securitycontrol-commons-security/src/main/java/com/securitycontrol/common/security/interceptor/IPWhites.java
@ -0,0 +1,31 @@
 package com.securitycontrol.common.security.interceptor;
 import org.apache.xmlbeans.impl.xb.xsdschema.Public;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 /**
 *
 */
 public class IPWhites {
    public static String  ips="27.50.227.1,27.50.227.2,27.50.227.3,27.50.227.4,27.50.227.5,27.50.227.6,27.50.227.7,27.50.227.8,27.50.227.9,27.50.227.10,27.50.227.11,27.50.227.12,27.50.227.13,27.50.227.14,27.50.227.15,27.50.227.16,27.50.227.17,27.50.227.18,27.50.227.19,27.50.227.20,27.50.227.21,27.50.227.22,27.50.227.23,27.50.227.24,27.50.227.25,27.50.227.26,27.50.227.27,27.50.227.28,27.50.227.29,27.50.227.30,27.50.227.31,27.50.227.32,27.50.227.33,27.50.227.34,27.50.227.35,27.50.227.36,27.50.227.37,27.50.227.38,27.50.227.39,27.50.227.40,27.50.227.41,27.50.227.42,27.50.227.43,27.50.227.44,27.50.227.45,27.50.227.46,27.50.227.47,27.50.227.48,27.50.227.49,27.50.227.50,27.50.227.51,27.50.227.52,27.50.227.53,27.50.227.54,27.50.227.55,27.50.227.56,27.50.227.57,27.50.227.58,27.50.227.59,27.50.227.60,27.50.227.61,27.50.227.62,27.50.227.63,27.50.227.64,27.50.227.65,27.50.227.66,27.50.227.67,27.50.227.68,27.50.227.69,27.50.227.70,27.50.227.71,27.50.227.72,27.50.227.73,27.50.227.74,27.50.227.75,27.50.227.76,27.50.227.77,27.50.227.78,27.50.227.79,27.50.227.80,27.50.227.81,27.50.227.82,27.50.227.83,27.50.227.84,27.50.227.85,27.50.227.86,27.50.227.87,27.50.227.88,27.50.227.89,27.50.227.90,27.50.227.91,27.50.227.92,27.50.227.93,27.50.227.94,27.50.227.95,27.50.227.96,27.50.227.97,27.50.227.98,27.50.227.99,27.50.227.100,27.50.227.101,27.50.227.102,27.50.227.103,27.50.227.104,27.50.227.105,27.50.227.106,27.50.227.107,27.50.227.108,27.50.227.109,27.50.227.110,27.50.227.111,27.50.227.112,27.50.227.113,27.50.227.114,27.50.227.115,27.50.227.116,27.50.227.117,27.50.227.118,27.50.227.119,27.50.227.120,27.50.227.121,27.50.227.122,27.50.227.123,27.50.227.124,27.50.227.125,27.50.227.126";
    public static void main(String[] args) {
    }
    public  static List<String> getIps(){
        List<String> list=new ArrayList<>();
        String[] str=ips.split(",");
        List<String>  list2=Arrays.asList(str);
        list.addAll(list2);
        list.add("127.0.0.1");
        list.add("27.50.49.56");
        return  list;
    }
 }
--- a/securitycontrol-commons/securitycontrol-commons-security/src/main/java/com/securitycontrol/common/security/interceptor/MyFilter.java
+++ b/securitycontrol-commons/securitycontrol-commons-security/src/main/java/com/securitycontrol/common/security/interceptor/MyFilter.java
@ -1,11 +1,15 @@
 package com.securitycontrol.common.security.interceptor;
 import com.securitycontrol.common.core.utils.aes.StringHelper;
 import com.securitycontrol.common.security.utils.XssRequestWrapper;
 import javax.servlet.*;
 import javax.servlet.annotation.WebFilter;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Objects;
 /**
@ -21,7 +25,46 @@ public class MyFilter implements Filter {
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        ServletRequest requestWrapper = null;
-        HttpServletRequest request = (HttpServletRequest) servletRequest;
+        HttpServletResponse response = (HttpServletResponse) servletResponse;
        HttpServletRequest  request = (HttpServletRequest) servletRequest;
        String xForwardedFor = request.getHeader("X-Forwarded-For");
        // 这里添加你的验证逻辑，例如检查是否包含特定的值或格式
        if (StringHelper.isNotEmpty(xForwardedFor)) {
            String[] ipAddresses = xForwardedFor.split(",");
            if (ipAddresses.length > 0) {
                boolean isAllowed = false;
                for (String ip : ipAddresses) {
                    if (IPWhites.getIps().contains(ip.trim())) {
                        isAllowed = true;
                        break;
                    }
                }
                if (!isAllowed) {
                    // 如果头部不匹配，可以抛出异常或返回错误响应
                    response.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
                    ServletOutputStream outputStream = response.getOutputStream();
                    outputStream.write(new String("错误的XFF".getBytes(),"utf-8").getBytes());
                    outputStream.flush();
                    return;
                }
            }
        }
        response.setHeader("Access-Control-Allow-Origin", "*");
        // 当前只支持POST 跟GET
        response.setHeader("Access-Control-Allow-Methods",
                "POST, GET");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers",
                "Content-Type, x-requested-with, X-Custom-Header, Authorization");
        // 对OPTIONS请求进行拦截处理
        String  options="OPTIONS";
        if(options.equalsIgnoreCase(request.getMethod())){
            response.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            ServletOutputStream outputStream = response.getOutputStream();
            outputStream.write(new String("不安全的请求".getBytes(),"utf-8").getBytes());
            outputStream.flush();
            return;
        }
        if (servletRequest instanceof HttpServletRequest && !isFileUpload(request)) {
            requestWrapper = new XssRequestWrapper((HttpServletRequest) servletRequest);
        }
--- a/securitycontrol-commons/securitycontrol-commons-security/src/main/java/com/securitycontrol/common/security/interceptor/ParamSecureHandler.java
+++ b/securitycontrol-commons/securitycontrol-commons-security/src/main/java/com/securitycontrol/common/security/interceptor/ParamSecureHandler.java
@ -84,6 +84,11 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
    public static final String[] EXCLUDE_URLS = {"/sys/pro/addPro","/sys/pro/editPro","/sys/pro/importProData","/back/personnel/addPersonnel","/back/personnel/editPersonnel","/pageJump","/validateToken"};
    public static final String[] activeFile={"/back/area/deleteSwFile","/sys/pro/viewProFile","/back/area/deleteSwFile",
        "/back/area/downLoadFile"
    };
    public boolean isFileUpload(HttpServletRequest request) {
        for (String excludeUrl : EXCLUDE_URLS) {
@ -97,13 +102,21 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        XssRequestWrapper requestWrapper = new XssRequestWrapper(request);
        try{
            if (!checkIsYq(request, requestWrapper)) {
                returnJson(response, "越权访问,接口未授权", 401);
                return false;
            }
        }catch (Exception e){
            returnJson(response, "令牌不能为空", 401);
        }
        // 过滤文件上传功能
        if(isFileUpload(request)){
            return true;
        }
        System.out.println("进入了拦截器");
        System.err.println(request.getRequestURI());
        XssRequestWrapper requestWrapper = new XssRequestWrapper(request);
        String requestUrl = requestWrapper.getRequestURI();
        /**
@ -162,14 +175,7 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
            returnJson(response,"请求参数丢失",500);
            return false;
        }*/
-        try{
+
            if (!checkIsYq(request, requestWrapper)) {
                returnJson(response, "越权访问,接口未授权", 401);
                return false;
            }
        }catch (Exception e){
             returnJson(response, "令牌不能为空", 401);
        }
        return true;
    }
--- a/securitycontrol-commons/securitycontrol-commons-security/src/main/java/com/securitycontrol/common/security/service/TokenService.java
+++ b/securitycontrol-commons/securitycontrol-commons-security/src/main/java/com/securitycontrol/common/security/service/TokenService.java
@ -60,7 +60,7 @@ public class TokenService {
        claimsMap.put(SecurityConstants.USER_KEY, token);
        claimsMap.put(SecurityConstants.DETAILS_USER_ID, userId);
        claimsMap.put(SecurityConstants.DETAILS_ISC_USER_ID, loginUser.getSysUser().getIscUserId());
-        claimsMap.put(SecurityConstants.DETAILS_USERNAME, userName);
+     //   claimsMap.put(SecurityConstants.DETAILS_USERNAME, userName);
        // 接口返回信息
        Map<String, Object> rspMap = new HashMap<String, Object>(50);
        String jwtToken=JwtUtils.createToken(claimsMap);
--- a/securitycontrol-gateway/src/main/java/com/securitycontrol/gateway/config/CorsConfig.java
+++ b/securitycontrol-gateway/src/main/java/com/securitycontrol/gateway/config/CorsConfig.java
@ -14,7 +14,7 @@ import org.springframework.web.util.pattern.PathPatternParser;
@Configuration
 public class CorsConfig {
    @Bean
-    public CorsWebFilter corsFilter() {
+    public CorsWebFilter CorsFilter() {
        CorsConfiguration config = new CorsConfiguration();
        config.addAllowedMethod("*");
        config.addAllowedOrigin("*");
--- a/securitycontrol-gateway/src/main/java/com/securitycontrol/gateway/config/CorsFilter.java
+++ b/securitycontrol-gateway/src/main/java/com/securitycontrol/gateway/config/CorsFilter.java
@ -1,5 +1,7 @@
 package com.securitycontrol.gateway.config;
 import org.springframework.stereotype.Component;
 import javax.servlet.*;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
--- a/securitycontrol-gateway/src/main/java/com/securitycontrol/gateway/filter/AuthFilter.java
+++ b/securitycontrol-gateway/src/main/java/com/securitycontrol/gateway/filter/AuthFilter.java
@ -76,17 +76,17 @@ public class AuthFilter implements GlobalFilter, Ordered
        Claims claims1=JwtUtils.parseToken(token);
        Integer userId=(Integer) claims1.get(SecurityConstants.DETAILS_USER_ID);
        String iscUser=(String) claims1.get(SecurityConstants.DETAILS_ISC_USER_ID);
-        String userName=(String) claims1.get(SecurityConstants.DETAILS_USERNAME);
+     //   String userName=(String) claims1.get(SecurityConstants.DETAILS_USERNAME);
        int times =60*30;
        redisService.set("token:"+jwtToken,jwtToken,times);
        redisService.set("userId::"+userId,jwtToken,times);
        redisService.set("ISCUserId:"+jwtToken,iscUser,times);
-        redisService.set("userName:"+jwtToken,userName,times);
+      //  redisService.set("userName:"+jwtToken,userName,times);
        String userid = JwtUtils.getUserId(claims);
        String username = JwtUtils.getUserName(claims);
        String iscUserId= JwtUtils.getIscUserId(claims);
-        if (StringUtils.isEmpty(userid) || StringUtils.isEmpty(username))
+        if (StringUtils.isEmpty(userid))
        {
            return unauthorizedResponse(exchange, "令牌验证失败");
        }
--- a/securitycontrol-model/securitycontrol-files/src/main/resources/bootstrap.yml
+++ b/securitycontrol-model/securitycontrol-files/src/main/resources/bootstrap.yml
@ -30,20 +30,20 @@ spring:
        # 共享配置
        shared-configs:
          - vsc-dev.yml
  data:
    mongodb:
      host: 192.168.0.56
      port: 27017
      database: zhgd
      username: zhgd
      password: Bonus@admin123
 #  data:
 #    mongodb:
-#      host: 47.115.207.135
+#      host: 192.168.0.56
 #      port: 27017
-#      database: admin
+#      database: zhgd
-#      username: admin
+#      username: zhgd
-#      password: Bonus@admin123!
+#      password: Bonus@admin123
  data:
    mongodb:
      host: 47.115.207.135
      port: 27017
      database: admin
      username: admin
      password: Bonus@admin123!
 #加密组件
 jasypt:
  encryptor: